@RobBos81 profile picture
Rob Bos @RobBos81
Joined January 2010
  • Tweets 8,994
  • Following 628
  • Followers 718
686 Photos and videos
Pinned Tweet
Rob Bos@RobBos81
12 Jan 2023
I have archived this account after the new management changes that are very unpleasant. Please find me somewhere else through my blog👇, @Rob_Bos@mstdn.social or LinkedIn: LinkedIn.com/in/bosrob

👾 Rob Bos - Linkedin Learning | LinkedIn

I’m Rob Bos, Consultant and Trainer at Xebia. I help engineering teams adopt GitHub and… · Ervaring: Linkedin Learning · Opleiding: Hogeschool Zuyd (Maastricht, Heerlen, Sittard) · Locatie: Eindhoven...

nl.linkedin.com
1
411
Rob Bos@RobBos81
12 Jan 2023
Very insightful post on attacking Source Control Management systems (SCM)! medium.com/boostsecurity/sls…

SLSA dip — At the Source of the problem!

This article is part of a multi-part series about the security of the software supply chain. We will be analyzing in depth each component…

medium.com
199
Rob Bos@RobBos81
12 Jan 2023
Interesting read! medium.com/bondora-engineeri…

How to Increase Deployment Observability and Simplify Deployment Pipelines

We had visibility of deployments - what was deployed and when but we did not have observability — what changes are deployed by who and why.

medium.com
1
3
166
Rob Bos@RobBos81
11 Jan 2023
The GitHub Silverware Drawer Dilemma, Or: Finding Active Repository Forks | Hackaday hackaday.com/2023/01/08/the-…

The GitHub Silverware Drawer Dilemma, Or: Finding Active Repository Forks

An fortunate reality of GitHub and similar sites is that projects that are abandoned by the maintainer are often continued by someone else who forked the project. Unfortunately, the ease of forking…

hackaday.com
87
Rob Bos@RobBos81
11 Jan 2023
I scanned every package on PyPi and found 57 live AWS keys tomforb.es/i-scanned-every-p…
1
146
Rob Bos@RobBos81
10 Jan 2023
Devs urged to rotate secrets after CircleCI suffers security breach | The Daily Swig portswigger.net/daily-swig/d…

Web Application Security, Testing, & Scanning - PortSwigger

PortSwigger offers tools for web application security, testing, & scanning. Choose from a range of security tools, & identify the very latest vulnerabilities.

portswigger.net
1
132
Rob Bos@RobBos81
10 Jan 2023
10 software supply chain attacks you can learn from reversinglabs.com/blog/10-su…

10 software supply chain attacks you can learn from | RL Blog

Supply chain attacks are surging and no one is immune. That has CISOs and boards worried. Learn from notable 2022 software supply chain attacks. 

reversinglabs.com
1
68
Rob Bos@RobBos81
9 Jan 2023
My best viewed blogposts created in 2022: Number 1 devopsjournal.io/blog/2022/0… Explaining the different types of GitHub Access Tokens you can use to get access to GitHub

GitHub Access Tokens explained

A clear comparison of GitHub access tokens: Personal Access Tokens, the GITHUB_TOKEN, and GitHub App tokens, with security guidance on when to use each type.

devopsjournal.io
83
Rob Bos@RobBos81
9 Jan 2023
My top blogposts created in 2022: Number 2 devopsjournal.io/blog/2022/0… Only created in August, but now my best viewed post on a monthly basis! Six reasons of why you workflow did not start and how to check them!

My GitHub Actions workflows are not starting

Troubleshooting guide for GitHub Actions workflows that are not starting, covering file location, branch triggers and scheduled workflow configuration issues.

devopsjournal.io
75
Rob Bos@RobBos81
6 Jan 2023
My top blogposts created in 2022: Number 3 devopsjournal.io/blog/2022/0… About a much asked for approach to cleanup the notifications on GitHub

GitHub Notification Settings

Take control of GitHub notification settings by configuring automatic watching, participating filters, and Dependabot alerts to cut noise and stay productive.

devopsjournal.io
85
Rob Bos@RobBos81
6 Jan 2023
My top blogposts created in 2022: Number 4 devopsjournal.io/blog/2022/0… About scanning the entire! GitHub Actions Marketplace for security issues in their dependencies!

Analyzing the GitHub marketplace - Dependency security is a big issue

A security analysis of the GitHub Actions Marketplace examining dependency vulnerabilities across thousands of actions and the supply chain risks they present.

devopsjournal.io
80
Rob Bos@RobBos81
5 Jan 2023
My top blogposts created in 2022: Number 5 devopsjournal.io/blog/2022/0… About detecting usage of the camera in Windows and triggering my Home Automation setup for that!

Automating my home setup: turning on the lights when the camera is in use

Learn how to automate your home office setup using Home Assistant to turn on key lights and speakers automatically when your camera is detected as active.

devopsjournal.io
73
Rob Bos@RobBos81
5 Jan 2023
My top blogposts created in 2022: Number 6: devopsjournal.io/blog/2022/0… My take on how I create a GitHub Action and where I start.

Creating a GitHub Action

Learn the step-by-step workflow for creating a GitHub Action: from inline github-script to a standalone JavaScript action complete with unit tests and CI/CD.

devopsjournal.io
1
93
Rob Bos@RobBos81
4 Jan 2023
My top blogposts created in 2022: Number 7: Configuration as Code for the GitHub platform. There are lots of posts talking about this, but few with an actual implementation. I create one for inviting users and creating repos for them. Read it here: devopsjournal.io/blog/2022/0…

Configuration as Code for the GitHub platform

Learn how to implement Configuration as Code for GitHub, automating user onboarding, team creation, and repository setup using YAML files and GitHub Actions.

devopsjournal.io
1
127
Rob Bos@RobBos81
26 Dec 2022
Finding the next Log4j – OpenSSF’s Brian Behlendorf on pivoting to a ‘risk-centred view’ of open source development. portswigger.net/daily-swig/f…

Web Application Security, Testing, & Scanning - PortSwigger

PortSwigger offers tools for web application security, testing, & scanning. Choose from a range of security tools, & identify the very latest vulnerabilities.

portswigger.net
100
Rob Bos@RobBos81
20 Dec 2022
So... I have enabled actionlint on 3 repos today, and fixed 2 workflows that had vulnerabilities or errors in them. And I am educating people on using GitHub Actions in a safe way for a couple of years now! ActionLint: github.com/rhysd/actionlint/ #BeSaferPeople #DevOps #GitHub
1
120
Rob Bos@RobBos81
9 Dec 2022
New blogpost! Adding the OSSF scorecard action to your repository: devopsjournal.io/blog/2022/1… This can help you improve the security in your repository, with actionable alerts (and super easy fixes for some!).

Improving your GitHub repositories security setup by adding the OSSF scorecard action

Learn how to add the OSSF scorecard GitHub Action to your repo to automatically assess open source security best practices and display a public score badge.

devopsjournal.io
Rob Bos@RobBos81
8 Dec 2022
.NET 7 Networking Improvements devblogs.microsoft.com/dotne…

.NET 7 Networking Improvements - .NET Blog

Introducing new networking features in .NET 7 including HTTP space, new QUIC APIs, security, WebSockets, and more!

devblogs.microsoft.com
1
Rob Bos@RobBos81
1 Dec 2022
These numbers are scary! (On the other hand: I will always have a job!). Culture a Stumbling Block to DevOps, DevSecOps devops-com.cdn.ampproject.or…
Rob Bos@RobBos81
30 Nov 2022
Dependabot now supports security updates for Dart and Flutter apps that use Pub packages github.blog/changelog/2022-1…

Dependabot now supports security updates for Dart and Flutter apps that use Pub packages - GitHub...

Dependabot security updates now supports the Pub ecosystem, making it easier for you to fix vulnerable dependencies in your Dart or Flutter apps. With security updates enabled, Dependabot will...

github.blog
1
2
Load more